In the beginning: it was a quiet day in 1992, seven shareholders got together and formed Tausi Assurance Company limited. The Company opened its doors quietly but confidently for business in 1993 in Westlands, with a Paid up capital of Kshs 20million and a staff of nine. Not many companies in the market have experienced the kind of growth that Tausi has demonstrated since its birth eighteen years ago. During the year 2009, after injection of capital by the shareholders, the company’s paid up capital increased to Kshs 219.9 Million as at December 2008. The company is now fully compliant with the minimum paid up capital requirement of Kshs 300 million. Swan Court is now Tausi Court after the company purchased the building in 2001. Tausi’s total assets stood at Kshs 19.7 million in 1993; this has grown to Kshs. 1.28 billion as at 2009 as against Ksh 1.08 billion as at 2008. Gross premiums of Kshs. 20 million booked in 1993 have grown to over Kshs. 510 Million as at 31st December 2009. The company’s sterling performance during the year 2009 is reflected by the after tax profit of Kshs. 98.4 million recorded for the year 2009 as against a loss of Kshs. 1.8million for the year 2008. On a personal level, Tausi offers domestic package insurance, car insurance, personal accident schemes and even sportsman insurance. And for its business, office, or corporate customers, Tausi can stand in the gap for fire, burglary, marine, workmen’s compensation, public liability, group accident, plate glass, money, motor, fidelity guarantee and many others. Tausi Assurance guarantees stability and reliability with strong support from reinsurers like P.T.A Re., G.I.C of India, Africa Reinsurance Company, East Africa Re and Kenya Re. Our attractive array of services and facilities are engineered to give our clients the best value for their money. Therefore it’s no surprise that Tausi has experienced such a remarkable level of demand for its services in such a short period of time.The bearer of the role will work closely with the Compliance, Risk, and IT functions to develop, implement, and monitor data protection policies, standards, and governance frameworks applicable to the business in compliance with the Data Protection The Data Protection Officer will monitor internal compliance and data processing practices to ensure that the business, its subsidiaries, and all functions comply with applicable data protection and privacy requirements She/He will be responsible for staff training, oversight of Data Protection Impact Assessments (DPIAs), and will act as the primary contact point for the ODPC and for individuals whose personal data is processed by the organization Essential functions Establish and maintain the organization’s data protection governance framework, including the implementation roadmap, policies, and standardized templates for data collection, consent management, and data mapping. Provide advisory support to business units on the implementation of data protection requirements, ensuring compliance with the Data Protection Act, CAP 411C, and embedding privacy principles across processes, systems, and digital platforms. Develop, maintain, and ensure audit readiness of the Records of Processing Activities (ROPA) and related documentation, covering processing purposes, data categories, retention periods, and lawful bases. Design and deliver data protection training programs, ensuring continuous staff awareness in line with regulatory developments and emerging risks. Conduct and review Data Protection Impact Assessments (DPIAs) for new and high-risk processing activities, including products, systems, and digital platforms. Perform periodic compliance reviews and audits to assess adherence to internal policies and regulatory requirements, and drive timely remediation of identified gaps. Collaborate with IT to ensure effective data protection and security controls, including maintenance of data asset registers and implementation of incident management frameworks. Oversee and coordinate data breach and incident response processes, including breach detection, containment, investigation, impact assessment, regulatory notification, communication to affected data subjects, and post-incident remediation. Maintain the company’s personal data breach register. Manage data subject rights requests (including access, rectification, objection, restriction, and deletion), ensuring compliance with statutory timelines and proper documentation of responses. Support the development, review, and implementation of privacy notices across all data collection points, ensuring transparency and compliance. Serve as the primary liaison with the Office of the Data Protection Commissioner (ODPC) and other relevant stakeholders, including regulators, data controllers/processors, and data subjects, during inspections, audits, investigations, and ongoing engagements. Monitor regulatory developments, industry trends, and best practices in data protection, and provide proactive guidance to ensure continuous organizational compliance. Prepare and submit periodic and annual reports, including compliance reports, risk updates, and work plans to senior management, Board committees, and the ODPC. Academic Qualifications  Bachelor’s degree in Law, Information Technology, Computer Science, Information Systems, or a related discipline from a recognized institution. Professional Qualifications Certification in Data Protection and Privacy (mandatory), such as: Certified Information Privacy Professional (CIPP/E, CIPP/IT, or equivalent) – IAPP Certified Information Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Experience Minimum of 5 years’ relevant experience in compliance, risk, legal, audit, or information governance within financial services (preferably insurance or banking). Demonstrated experience in conducting or supporting at least one Data Protection Impact Assessment (DPIA). Experience engaging with regulators, auditors, or supervisory authorities is highly desirable. Exposure to insurance operations (claims, underwriting, medical data, or fraud systems) will be an added advantage. Skills and Attributes Strong expertise in data protection law, regulatory compliance, and privacy governance Excellent understanding of insurance operations and data lifecycle management Strong analytical and risk assessment capability High level of integrity, independence, and professional judgment Excellent communication, stakeholder engagement, and influencing skills Strong training and awareness-building capability Strategic thinking and decision-making ability Strong organizational and project management skills Ability to manage competing priorities under tight timelines High attention to detail and documentation discipline Negotiation and conflict resolution skills Data analytics and reporting capability Software and systems proficiency (including governance tools, compliance systems, or GRC platforms) Discretion and strict confidentiality in handling sensitive data.